Amendment under 37 CFR 1.111 
Serial No. 09/425,736 
Attorney Docket No. 991 176 

AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions of claims in the application. 
Listing of claims: 

Claim 1 (Currently Amended): An illegal access discriminating apparatus that is placed 
in advanced of a user authentication system using biometrics which needs user information 
comprised of ID information and organic informationa l A s e rvic e providing syst e m comprising: 

a ser\^ic e providing apparatus in which organic information of th e us e r is previously 
r e gist e r e d in corr e spond e nc e to ID information, ID information and organic information bas e d on 
on auth e ntication d e mand of th e us e r ar e inputted, th e regist e r e d organic information 
corr e sponding to th e inputt e d ID information is r e ad out and collat e d, and wh e n th e y coincid e , 
use of th e apparatus is permitt e d; and 

an ill e gal acc e ss discriminating apparatus for discriminating an ill e gal acc e ss by an 
attack e r to said s e rvic e providing apparatus, wh e r e in 

said ill e gal access discriminating apparatus compris e s: 

an inputting and storing unit for inputting and a first storing unit for temporarily storing 
the latest pair of ID information and organic information inputted by a user when the user is 
being authenticated, bas e d on th e auth e ntication d e mand which said servic e providing syst e m 
receiv e d fi-om th e us e r, 

a second us e information storing unit for storing pairs of ID information and organic 
information which were inputted by arbitrary users within predetermined time, wherein said ID 
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information and organic information is transferred from said first storing unit to said second 
storing unit after each authentication bas e d on the auth e ntication demand which the G e r\dc e 
providing syst e m r e ceiv e d in the past from th e user within a prodotormin e d tim e; 

a comparing and collating unit for comparing and collating the latest inputted ID 
information and organic information with all of ID information and organic information stored in 
said second storing unit which were inputted and not previously registered in the past; and 

a control unit for discriminating an authentication demand by Sie an attacker by counting 
the number of said comparing-coUating results which satisfy predetermined conditions and 
judging authentication demand as the one by an attacker if said counted number exceeds 
predetermined value on the basis of on output of said comparing and collating unit and notifying 
said servdcQ providing apparatus of it . 

Claim 2 (Cancelled). 

Claim 3 (Original): An apparatus according to claim 1, wherein said control unit 
determines that there is the authentication demand by the illegal access person in the case where 
the ID information does not coincide and the organic information coincides or the case where the 
ID information coincides and the organic information does not coincide on the basis of the output 
of said comparing and collating unit. 
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Claim 4 (Original): An apparatus according to claim 1, wherein said storing unit stores a 
telephone number serving as a transmitting source, a terminal position such as a network address, 
and an input time in correspondence to the ID information and organic information which were 
inputted in the past, and 

said control unit determines that there is the authentication demand by the illegal access 
person in the case where the comparison result by said comparing and collating unit between the 
inputted ID information and the past ID information inputted from a same terminal position 
within a predetermined time indicates dissidence. 

Claim 5 (Original): An apparatus according to claim 1, wherein said control unit 
discriminates whether the past ID information has a serial number for the inputted ID 
information or not and, when it is determined that the past ID information has the serial number, 
said control unit determines that there is the authentication demand by the illegal access person at 
a predetermined designated number of times. 

Claim 6 (Original): An apparatus according to claim 1, wherein when the inputted 
organic information and the organic information which was inputted in the past coincide, said 
control unit detects a combination in which the organic information coincides and the ID 
information differs, and when the number of said combinations reaches a predetermined number, 
said control unit determines that there is the authentication demand by the illegal access person. 
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Claim 7 (Original): An apparatus according to claim 1, wherein said comparing and 
collating unit comprises: 

an ID information comparing unit for comparing the inputted ID information and the ID 
information which was inputted in the past and generating a signal indicative of coincidence or 
dissidence; and 

an organic information collating unit for comparing the inputted organic information and 
the organic information which was inputted in the past, generating a signal indicative of 
coincidence of the organic information in the case where a value of a predetermined coincidence 
degree or more is obtained, and generating a signal indicative of dissidence of the organic 
information in the case where a value less than said predetermined coincidence degree is 
obtained. 

Claim 8 (Original): An apparatus according to claim 1, further comprising a timer unit 
for measuring a time, and wherein the ID information and organic information which were 
inputted in the past after the elapse of a predetermined time from the storage on the basis of time 
information measured by said timer unit are erased and excluded from targets of the comparison 
and collation. 
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Claim 9 (Original): An apparatus according to claim 1, wherein 

said storing unit stores a telephone number serving as a transmitting source and a terminal 
position such as a network address or the like together with the ID information and organic 
information which were inputted in the past, and 

said comparing and collating unit compares and collates the inputted ID information and 
organic information with the ID information and organic information which were inputted in the 
past from a same terminal position. 

Claim 10 (Original): An apparatus according to claim 1, further comprising: 

an authentication demand terminal address recording imit for recording the number of 

times of authentication demand every terminal address; and 

a same terminal access detecting unit for detecting that the authentication demand of a 

predetermined number or more has been performed within a predetermined time with reference 

to said authentication demand terminal address, activating said comparing and collating unit and 

said control unit, and allowing an illegal access to be discriminated. 

Claim 11 (Original): An apparatus according to claim 1, wherein when it is determined 
that there is the authentication demand by the illegal access person, said control unit 
automatically notifies an administrator of the service providing system of a result of said 
discrimination. 
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Claim 12 (Currently Amended): An illegal access discriminating method that is placed in 
advanced of a user authentication system using biometric which needs user information 
comprised of ID information and organic information, comprising: 

a service providing st e p of pr e viously r e gist e ring organic information of th e user in 
corr e spondenc e to ID information, inputting ID information and organic information bas e d on an 
auth e ntication d e mand of th e us e r r e ading out th e r e gist e r e d organic information corr e sponding 
to th e inputt e d ID information and collating, and when th e y coincid e , permitting use of th e 
apparatus; and 

on ill e gal acc e ss discriminating st e p of discriminating an ill e gal acc e ss by an attack e r to 
said s e rvice providing apparatus, wh e r e in 

said ill e gal acc e ss discriminating step compris e s: 

an inputting and storing st e p of inputting and a first storing step of temporarily storing the 
latest pair of ID information and organic information inputted by a user when the user is being 
authenticated; bas e d on the auth e ntication d e mand which said s e rvice providing syst e m r e c e iv e d 
in th e past fi-om th e us e r, 

a us e information second storing step of storing pairs of ID information and organic 
information which were inputted by arbitrary users within predetermined time, wherein said ID 
information and organic information is transferred firom said first storing unit to said second 
storing unit after each authentication bas e d on th e auth e ntication d e mand which th e s e r\^c e 
providing syst e m r e ceived in the past from th e us e r ; 
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a comparing and collating step of comparing and collating the latest inputted ID 
information and organic information with all of ID information and organic information stored in 
said second storing step which were inputted and not pr e viously r e gist e r e d in the past; and 

a control step of discriminating m authentication demand by an attacker by counting the 
number of said comparing-collating results which satisfy predetermined conditions and judging 
authentication demand as the one by an attacker if said counted mmiber exceeds predetermined 
value ill e gal access p e rson on th e basis of an output in said comparing and collating st e p and 
notifying said s e r\dc e providing apparatus of it . 

Claim 13 (Cancelled). 

Claim 14 (Original): A method according to claim 12, wherein in said control step, it is 
determined that there is the authentication demand by the illegal access person in the case where 
the ID information does not coincide and the organic information coincides or the case where the 
ID information coincides and the organic information does not coincide on the basis of the output 
in said comparing and collating step. 
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Claim 15 (Original): A method according to claim 12, wherein 

in said storing step, a telephone number serving as a transmitting source, a terminal 
position such as a network address, and an input time in correspondence to the ID information 
and organic information which were inputted in the past are stored, and 

in said control step, it is determined that there is the authentication demand by the illegal 
access person in the case where the comparison result in said comparing and collating step 
between the inputted ID information and the past ID information inputted from a same terminal 
position within a predetermined time indicates dissidence. 

Claim 16 (Original): A method according to claim 12, wherein in said control step, 
whether the past ID information has a serial nimiber for the inputted ID information or not is 
discriminated and, when it is determined that the past ID information has the serial number, it is 
determined that there is the authentication demand by the illegal access person at a predetermined 
designated number of times. 

Claim 17 (Original): A method according to claim 12, wherein in said control step, when 
the inputted organic information and the organic information which was inputted in the past 
coincide, a combination in which the organic information coincides and the ID information 
differs is detected, and when the number of said combinations reaches a predetermined number, 
it is determined that there is the authentication demand by the illegal access person. 
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Claim 18 (Original): A method according to claim 12, wherein said comparing and 
collating step comprises: 

an ID information comparing step of comparing the inputted ID information and the ID 
information which was inputted in the past and generating a signal indicative of coincidence or 
dissidence; and 

an organic information collating step of comparing the inputted organic information and 
the organic information which was inputted in the past, generating a signal indicative of 
coincidence of the organic information in the case where a value of a predetermined coincidence 
degree or more is obtained, and generating a signal indicative of dissidence of the organic 
information in the case where a value less than said predetermined coincidence degree is 
obtained. 

Claim 19 (Original): A method according to claim 12, further comprising a timer step of 
measuring a time, and wherein the ID information and organic information which were inputted 
in the past after the elapse of a predetermined time from the storage on the basis of time 
information measured in said timer step are erased and excluded from targets of the comparison 
and collation. 
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Claim 20 (Original): A method according to claim 12, wherein 

in said storing step, a telephone number serving as a transmitting source and a terminal 
position such as a network address or the like are stored together with the ID information and 
organic information which were inputted in the past, and 

in said comparing and collating step, the inputted ID information and organic information 
with the ID information and organic information which were inputted in the past from a same 
terminal position are compared and collated. 

Claim 21 (Original): A method according to claim 12, further comprising: 

an authentication demand terminal address recording step of recording the number of 

times of authentication demand every terminal address; and 

a same terminal access detecting step of detecting that the authentication demand of a 

predetermined number or more has been performed within a predetermined time v^th reference 

to said authentication demand terminal address, activating said comparing and collating step and 

said control step, and allowing an illegal access to be discriminated. 

Claim 22 (Original): A method according to claim 12, wherein in said control step, when 
it is determined that there is the authentication demand by the illegal access person, a result of 
said discrimination is automatically notified to an administrator of the service providing system. 
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